There are four environment roles:
- Owner
- Contributor
- Operator
- Viewer
You can set one of these roles as the default for an environment. The default role applies to all current and future users who don’t have a specific role assigned.
Default environment access is defined in two areas:
- When you create an environment.
- When you edit an existing environment.
Read Role permissions for details on what each role can do.
Project roles and environment roles are independent of each other. The permissions granted by your project role do not affect the permissions granted by your environment role, and vice versa.For example, if you have the Viewer project role and the Contributor environment role, your project role determines what you can do with project variables—you can view them, but you cannot create, update, or delete them. Although you cannot edit project variables due to your project role, your environment role means that you can create, edit, and delete environment overrides for project variables in your environment.
Editing an environment’s default role
To edit the default role on an environment, use the following steps:
- In your project, click the Environments tab.
- Click the three dots … next to the environment you want to modify.
- Click Edit Environment.
- Use the Default environment access drop-down menu to select the new default role for the intended environment. Choose Owner, Operator, Contributor, or Viewer.
Edit user environment role
Any user with the Owner role for a project can assign a user’s environment role. To do this:
-
In your project, click the Environments tab.
-
Click the three dots … next to the environment you want to set the role on.
-
Click Edit user access.
-
Use the Access drop-down menu to choose the access level for the individual user.
To find specific users quickly, search by name or email address.
-
Click Save.
The new access will take effect immediately.
Role permissions
The four roles, Owner, Contributor, Operator, and Viewer, have specific permissions for the following features:
Users assigned the Super Admin role are always granted the Owner role for all environments in that account. Owner role permissions
| Validate | Sample | Run | Publish |
|---|
| Pipelines | ✅ | ✅ | ✅ | ✅ |
| View | | | |
|---|
| Executions | ✅ | | | |
| Lineage | ✅ | | | |
| Schema | ✅ | | | |
| Create | View | Edit | Delete |
|---|
| Environment overrides | ✅ | ✅ | ✅ | ✅ |
| Schedules | ✅ | ✅ | ✅ | ✅ |
| Create | View | Edit | Delete |
|---|
| Project variable environment overrides | ✅ | ✅ | ✅ | ✅ |
Contributor role permissions
| Validate | Sample | Run | Publish |
|---|
| Pipelines | ✅ | ✅ | ✅ | ✅ |
| View | | | |
|---|
| Executions | ✅ | | | |
| Lineage | ✅ | | | |
| Schema | ✅ | | | |
| Create | View | Edit | Delete |
|---|
| Environment overrides | ✅ | ✅ | ✅ | ✅ |
| Schedules | ✅ | ✅ | ✅ | ✅ |
| Create | View | Edit | Delete |
|---|
| Project variable environment overrides | ✅ | ✅ | ✅ | ✅ |
Operator role permissions
| Validate | Sample | Run | Publish |
|---|
| Pipelines | ❌ | ❌ | ❌ | ❌ |
| View | | | |
|---|
| Executions | ✅ | | | |
| Lineage | ✅ | | | |
| Schema | ❌ | | | |
| Create | View | Edit | Delete |
|---|
| Environment overrides | ❌ | ❌ | ❌ | ❌ |
| Schedules | ✅ | ✅ | ✅ | ✅ |
| Create | View | Edit | Delete |
|---|
| Project variable environment overrides | ❌ | ✅ | ❌ | ❌ |
Viewer role permissions
| Validate | Sample | Run | Publish |
|---|
| Pipelines | ✅ | ✅ | ❌ | ❌ |
| View | | | |
|---|
| Executions | ✅ | | | |
| Lineage | ✅ | | | |
| Schema | ✅ | | | |
| Create | View | Edit | Delete |
|---|
| Environment overrides | ❌ | ❌ | ❌ | ❌ |
| Schedules | ❌ | ✅ | ❌ | ❌ |
| Create | View | Edit | Delete |
|---|
| Project variable environment overrides | ❌ | ✅ | ❌ | ❌ |
The tables above use the following icons to indicate permission levels for each role. Any blank cell indicates that this permission is not applicable to environments.
| Icon | Permission level | Description |
|---|
| ✅ | Allowed | A user can perform this action. |
| ❌ | Not allowed | A user cannot perform this action. |
